From 4abb9b0b7511e62de9f548415b484ace2454a3ef Mon Sep 17 00:00:00 2001 From: tjw Date: Wed, 14 Feb 2007 23:14:25 +0000 Subject: * (bug 3027) don't trust the "ip" value in the userinfo string since a client could set this. disconnect (or disallow connection for) a client that has a userinfo string that's too full for "ip" to be added properly. (Richard Stanway) git-svn-id: svn://svn.icculus.org/quake3/trunk@1043 edf5b092-35ff-0310-97b2-ce42778d08ea --- code/server/sv_client.c | 48 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 16 deletions(-) (limited to 'code') diff --git a/code/server/sv_client.c b/code/server/sv_client.c index a0df1ce..71b0386 100644 --- a/code/server/sv_client.c +++ b/code/server/sv_client.c @@ -238,6 +238,7 @@ void SV_DirectConnect( netadr_t from ) { int startIndex; intptr_t denied; int count; + char *ip; Com_DPrintf ("SVC_DirectConnect ()\n"); @@ -269,6 +270,19 @@ void SV_DirectConnect( netadr_t from ) { break; } } + + // don't let "ip" overflow userinfo string + if ( NET_IsLocalAddress (from) ) + ip = "localhost"; + else + ip = (char *)NET_AdrToString( from ); + if( ( strlen( ip ) + strlen( userinfo ) + 4 ) >= MAX_INFO_STRING ) { + NET_OutOfBandPrint( NS_SERVER, from, + "print\nUserinfo string length exceeded. " + "Try removing setu cvars from your config.\n" ); + return; + } + Info_SetValueForKey( userinfo, "ip", ip ); // see if the challenge is valid (LAN clients don't need to challenge) if ( !NET_IsLocalAddress (from) ) { @@ -285,8 +299,6 @@ void SV_DirectConnect( netadr_t from ) { NET_OutOfBandPrint( NS_SERVER, from, "print\nNo or bad challenge for address.\n" ); return; } - // force the IP key/value pair so the game can filter based on ip - Info_SetValueForKey( userinfo, "ip", NET_AdrToString( from ) ); ping = svs.time - svs.challenges[i].pingTime; Com_Printf( "Client %i connecting with %i challenge ping\n", i, ping ); @@ -309,9 +321,6 @@ void SV_DirectConnect( netadr_t from ) { return; } } - } else { - // force the "ip" info key to "localhost" - Info_SetValueForKey( userinfo, "ip", "localhost" ); } newcl = &temp; @@ -1165,7 +1174,9 @@ into a more C friendly form. */ void SV_UserinfoChanged( client_t *cl ) { char *val; + char *ip; int i; + int len; // name for C code Q_strncpyz( cl->name, Info_ValueForKey (cl->userinfo, "name"), sizeof(cl->name) ); @@ -1214,18 +1225,23 @@ void SV_UserinfoChanged( client_t *cl ) { // TTimo // maintain the IP information - // this is set in SV_DirectConnect (directly on the server, not transmitted), may be lost when client updates it's userinfo // the banning code relies on this being consistently present - val = Info_ValueForKey (cl->userinfo, "ip"); - if (!val[0]) - { - //Com_DPrintf("Maintain IP in userinfo for '%s'\n", cl->name); - if ( !NET_IsLocalAddress(cl->netchan.remoteAddress) ) - Info_SetValueForKey( cl->userinfo, "ip", NET_AdrToString( cl->netchan.remoteAddress ) ); - else - // force the "ip" info key to "localhost" for local clients - Info_SetValueForKey( cl->userinfo, "ip", "localhost" ); - } + if( NET_IsLocalAddress(cl->netchan.remoteAddress) ) + ip = "localhost"; + else + ip = (char*)NET_AdrToString( cl->netchan.remoteAddress ); + + val = Info_ValueForKey( cl->userinfo, "ip" ); + if( val[0] ) + len = strlen( ip ) - strlen( val ) + strlen( cl->userinfo ); + else + len = strlen( ip ) + 4 + strlen( cl->userinfo ); + + if( len >= MAX_INFO_STRING ) + SV_DropClient( cl, "userinfo string length exceeded" ); + else + Info_SetValueForKey( cl->userinfo, "ip", ip ); + } -- cgit v1.2.3